Removing Security Master AV using Bleeping Computer method

by joe1896 / July 13, 2010 10:02 PM PDT

I tried following the Bleeping Computer instructions. Tried 3 times, ran rKill, ran through the whole scan (took quite a while) and each time it found a couple hundred infected files. However, when I get to the step to click "OK" in order to view/remove the infected files, I click "OK", and the malware removal tool closes down completely. This leaves me with the infected files in my computer. What's worse, no other spyware/malware removal tools even find all the files.

I guess it's possible that the virus itself is causing the program to close, but not 100% certain (seems that it's a problem with the removal tool itself). So, I'm currently stuck at an impasse. CAN ANYONE HELP?

A Request for Further Information..
by Carol~ Moderator / July 14, 2010 12:02 AM PDT

Joe..

Which "malware removal tool" are you referring to? In the same sentence where you mentioned Rkill, you stated it "found a couple of hundred infected files". Perhaps, it's only the wording which has thrown me off. Rkill's purpose is to kill known processes, which impede the use of the standard anti-malware removal tools. When you say the removal tool closes down completely, were you referring to Rkill? Or Malwarebytes' Anti-Malware?

It would help to know if you received any error messages along the way. It would also help to know, what other problems you were/are experiencing. Knowing which operating system you're running ALWAYS helps. In other words... "any/all details help". It narrows down, what we might offer in the way of help.

It was a good idea to start your own thread, instead of posting at the bottom of another. I'm sure you can understand, why I'm going to remove your duplicate post from yesterday.

Thanks..
Carol

Re: A Request for Further Information
by joe1896 / July 14, 2010 1:32 AM PDT

Carol -

Thank you for getting back. And yes, this is no problem. To clarify, I am running Windows XP. Following the Bleeping Computer instructions, I FIRST ran Rkill, in order to stop the Security Master AV processes from interfering with any removal efforts.

Next, I downloaded Malwarebytes' Anti-Malware (continuing to follow the forum's instructions), and subsequently ran a deep scan using this utility. Now, the Malwarebytes' Anti-Malware finds a couple hundred infected files, and displays a pop-up box informing me that the scan has finished, and to press "OK" to close said pop-up and proceed to use the Anti-Malware program to remove the files it had found. However, when I click "OK", the program shuts down, having not removed the files.

I repeated the process, with identical results each time.

Something To Try..
by Carol~ Moderator / July 14, 2010 2:44 AM PDT

Joe..

I presume you knew not to reboot after running Rkill. Doing so is only going to allow the malware processes to start again.

Do you get as far as where you click on "Show Results"? Or did it shut down just after this point, when you clicked on "Remove Selected"?

Joe, try running a Quick Scan in Safe Mode. If the same thing happens, you can try one other thing, for the time being. It sometimes helps, when MBAM is able to be installed but won't run. Apparently, you can run it, but try it anyway. Go to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe. Rename the mbam.exe to something such as joe.exe. Double-click on it and run it from there. I doubt it's going to make a difference, but it's worth a try. Try running it in safe mode first, w/o renaming it.

Let us know how you make out..
Carol

Almost there (I think)
by joe1896 / July 14, 2010 9:45 PM PDT
In reply to: Something To Try..

Well, running the entire sequence in safe mode allowed me to proceed with the scan & removal, as per the instructions. Thank you for that suggestion! Seemed to allow the MBAM to run fine without interference from the SMAV virus.

However...

A "Security Master AV" icon still appeared in my "Programs" list (via the Start menu), and when I drill down to the target folder for that program, I still find a number of files. Additionally, my browser is still redirecting me to all sorts of websites, and running the MBAM again in normal startup mode continues to find infected files.

Had to stop last night (it was very late), but I tried to set up the computer so I can continue today. First, I moved all the files I found in the target folder to the recycle bin (since you can't remove via "add/remove programs utility"), and secondly, I am going to run through the entire sequence again, this time after having shut the computer down. Will let you know how it goes. In the meantime, please let me know if there's something else I might be missing. Thank you.

Something Is / Was Missing..
by Carol~ Moderator / July 15, 2010 4:46 AM PDT
In reply to: Almost there (I think)

Hi Joe..

Sounds like you've made some progress. A good thing. For some strange reason, I don't remember reading anything about "redirects" in any of your prior posts. Is there any other information you're hiding from me? :)

Run Kaspersky's TDSSKiller utility. The instructions and download can be found here:

http://support.kaspersky.com/viruses/solutions?qid=208280684

If the above doesn't find/fix anything, check to make sure your Internet Connections settings are "as they should be". (To include the "DNS Servers" settings) Additionally, the infection also has the ability to change Windows' HOSTS file. Whether it has in your case, I don't know. (Read Steps 17 & 18) Run the above scan first.

Furthered good luck!
Carol

Think we did it!
by joe1896 / July 16, 2010 4:35 AM PDT

Thank you very much for these suggestions. Here's a recap of where I stand this morning:
-- TDSSKiller effective in killing the re-direct problem (thanks for that!)

-- Ran through entire protocol again from start to finish. Seems like MBAM found/removed all infected files. However, I had to manually delete the Security Master AV icon from the "Start --> Programs" menu, as that remained (a little worrisome, but looks like it's all gone).

-- Even after restarts, MBAM and other anti-spyware programs come up clean

Two final questions/issues:
1) I'm getting some strange error messages now when I start programs on my computer (particularly with MS office). Ultimately, the programs will open and run, but I have to first click off messages saying that the program needs to be repaired. I can live with this since the programs work, just thinking maybe this is a residual effect of the virus removal?

2) My new "HOSTS" file is a .txt file. On another website (not bleeping computer), they advised running through a few steps to change the format of this file. Do you suggest the same?

More YOU than me! :)
by Carol~ Moderator / July 17, 2010 9:42 AM PDT
In reply to: Think we did it!

Hi Joe...

"Even after restarts, MBAM and other anti-spyware programs come up clean".

I'm going to take for granted MBAM reported you clean after running a Full Scan. I originally suggested you run a Quick Scan in Safe Mode, in order to get MBAM running. Glad to hear of all these clean reports!

"1) I'm getting some strange error messages now when I start programs on my computer (particularly with MS office). Ultimately, the programs will open and run, but I have to first click off messages saying that the program needs to be repaired. I can live with this since the programs work, just thinking maybe this is a residual effect of the virus removal?"

I'm only left to guess what the error messages read, but you mentioned the words "open" and "repair". You may need to repair one of the following file associations. Try the "LNK (Shortcut) File Association Fix" and "EXE File Association Fix" at the below link. The instructions are at the top of the page.

http://www.dougknox.com/xp/file_assoc.htm

"2) My new "HOSTS" file is a .txt file. On another website (not bleeping computer), they advised running through a few steps to change the format of this file. Do you suggest the same?"

Yes, I do suggest the same!

Best of luck..
Carol
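
Added example, not part of the original posts: a Python check for the two HOSTS-file points raised in this thread, namely entries added by the infection and the file being saved as a .txt file. It lists every entry other than the default `127.0.0.1 localhost` mapping for manual review and confirms the file name has no extension. The sample file contents, addresses and hostnames are constructed, and the function names are this example's own.

```python
import ipaddress

# Constructed sample of a tampered HOSTS file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.example.com        # constructed redirect entry
203.0.113.7     search.example.net
127.0.0.1       updates.example.org    # constructed: update host pointed at loopback
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, reason, address, names) for each entry needing review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue                            # blank or comment-only line
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "unparseable address", address, names))
            continue
        # Assumption: the default file maps only "localhost"; the rest was added later.
        extra = [n for n in names if n.lower() != "localhost"]
        if not extra:
            continue
        if ip.is_loopback or ip.is_unspecified:
            reason = "name pointed at the local machine (blocked)"
        else:
            reason = "name pinned to a fixed address (possible redirect)"
        findings.append((line_no, reason, address, extra))
    return findings

def hosts_filename_ok(filename):
    """Windows reads only a file named exactly 'hosts'; 'hosts.txt' is ignored."""
    return filename.lower() == "hosts"

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print("hosts.txt usable:", hosts_filename_ok("hosts.txt"))
```

On Windows the file lives at `%SystemRoot%\System32\drivers\etc\hosts`; entries added deliberately by the user or by a blocking tool are listed too, so each finding needs a manual look.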

Incredible!
by joe1896 / July 19, 2010 12:04 PM PDT
In reply to: More YOU than me! :)

Changed the HOSTS File....Check

Ran the EXE and LNK fixes..Check

THREE different anti-spyware programs come up clean..check

So, no more spyware/malware, and all programs running correctly. I cannot tell you how much I appreciate your help. Thank you so much for the patience and sage advice!

Much obliged,
Joe

(NT) Check!Check!Check! Music to my ears! You're welcome, Joe :)
by Carol~ Moderator / July 19, 2010 12:12 PM PDT
In reply to: Incredible!